HP-UX Reference (11i v3 07/02) - 1M System Administration Commands N-Z (vol 4)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

331

332

333

334

335

336

337

338

339

340

security_patch_check(1M) security_patch_check(1M)

EXAMPLES

Get the latest security patch catalog, and then analyze the local system; print (the default) human-readable

report.

security_patch_check -r

Get the latest security bulletin catalog, and then analyze localhost; write all output including warnings and

errors to ﬁle report (using /usr/bin/sh

). This is useful for using security_patch_check

in a

cron job to execute nightly.

security_patch_check -r > report 2>&1

If you would prefer to have a report mailed to you, then you can use the following (using

/bin/sh). This

will put the standard output and standard error streams together and mail them to the given e-mail

address.

security_patch_check.pl -r 2>&1 | mail

user@hostname

Analyze localhost by downloading the latest security bulletin catalog, and take

swlist output from ﬁle

swout_output .

security_patch_check -f swout_output -r

Analyze localhost, print in which security bulletins the recommended patches’ or actions’ chains were men-

tioned, whether the recommended patches or actions require reboot, and their descriptions.

security_patch_check -o brd

Analyze remote host named machineA; give output in machine-parsable format.

security_patch_check -h machineA -m

Analyze depot /patch_depot on machineA along with depot /fileset_depot

on machineB.

Assume that the depots are for HP-UX 11.00.

security_patch_check

takes swlist output from

standard input.

swlist -l fileset -a supersedes \

-a software_spec -a revision -a state -d \

@ machineA:/patch_depot \

machineB:/fileset_depot \

security_patch_check -s 11.00" -"

Analyze remote system machineA after downloading the security bulletin catalog. This example may be

considered a typical usage of security_patch_check

as a cron job.

security_patch_check -r -q -h machineA

Analyze machineA; print a table in machine-readable format only if missing patches are found.

security_patch_check -h machineA -q -m

RETURN VALUES

security_patch_check sets its exit status to one of the following values.

0 Indicates successful exit, whether or not missing actions were found.

1 Indicates an error in the command-line arguments.

2 Indicates security_patch_check received SIGQUIT, SIGINT,orSIGSTOP.

>2 Indicates other function-level run-time errors.

In the case of an error, security_patch_check prints an error message.

ENVIRONMENT

Security Patch Check uses the HOME environment variable to set default locations for the ignore ﬁle and

the default trust store. If the tool is run by root without HOME set, Security Patch Check will default to

using /var/opt/sec_mgmt/spc. Otherwise, the lack of a valid HOME will cause Security Patch Check

to terminate with an error.

When security_patch_check is run with the -r option, proxy and trust store conﬁguration vari-

ables should be set and exported in your shell environment.

HP-UX 11i Version 3: February 2007 − 6 − Hewlett-Packard Company 331